Ethical Hacking:
Network Testing
BT Network Testing services identify vulnerabilities in external and internal networks, services, protocols, convergence solutions and systems and devices, including VPN technologies. Our stringent network testing process includes a number of components, including a series of external vulnerability and penetration assessments, internal vulnerability and penetration evaluations, VPN vulnerability and penetration tests and, if applicable, an analysis of VoIP within your environment.
The ethical hacking team starts by trying to learn about the network using publicly available sources, including InterNIC, ARIN, DNS records, and hacker sites. After collaborating with your technical team to ensure that testing can continue without impacting operations, the team will begin scanning for vulnerabilities, testing TCP and UDP services and ports. Packet fragmenting and loose-source routing may be used in an attempt to bypass filtering routers and firewalls. This is followed by a manual verification of potential vulnerabilities. The team will then try to exploit any weaknesses to gain privileged access. The goal is to demonstrate the potential consequences of exploitation.
Before the project begins we will work with you to develop boundaries for actions and events that our team can perform during the vulnerability assessment. Any High-Risk vulnerabilities/risks identified during the assessment will be immediately communicated to you. After the testing has been completes, BT will provide your organization with a formal report that:
- A detailed explanation of the work that was completed and the methods used by the team to determine the results
- A listing of all the vulnerabilities and weaknesses of your environment with a ranking of their level of risk, the ease with which they can be exploited, and mitigating factors
- An explanation of how to mitigate or eliminate the vulnerabilities including enhancement of customer policies, adoption of industry best practices, changes to security processes and enhancement to the security architecture
|
privacy policy 
